2b5af093f8d1ca615b0b43e9efc7de13_JaffaCakes118

General

Target

2b5af093f8d1ca615b0b43e9efc7de13_JaffaCakes118
Size

30KB
MD5

2b5af093f8d1ca615b0b43e9efc7de13
SHA1

2657a294afbfc62000e13c999608d5d48e55a032
SHA256

6b50737347726163d581f8643e6404c25075fd49e4b0c9642f201df22b052097
SHA512

63fb8cfd4027e0165077c7f8f20c8da2fc60fcc32f35d09d8094e6883cfe33b60a0edf5e416888ccbe881a056a65fafdb9d52e9b50c35111e52551940d1d7f4e
SSDEEP

768:MtUKyHWd1iFmJqsrNGfn6ZouUQGMYSuLL:MtUT2OSNGfnAoS0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b5af093f8d1ca615b0b43e9efc7de13_JaffaCakes118

Files

2b5af093f8d1ca615b0b43e9efc7de13_JaffaCakes118
.sys windows:5 windows x86 arch:x86

856feda54e39a5f9718a2e837b1964f6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExFreePoolWithTag
ExReleaseResourceForThreadLite
ExConvertExclusiveToSharedLite
ExAcquireSharedWaitForExclusive
ExAllocatePool
ExReleaseResourceLite
ExSetResourceOwnerPointer
ObGetObjectSecurity
VerSetConditionMask
ZwQuerySymbolicLinkObject
strstr
RtlIntegerToUnicodeString
wcsncpy
ZwCreateDirectoryObject
ZwPowerInformation
RtlUnicodeStringToAnsiString
ZwDeleteValueKey
RtlInitString
wcsncat
RtlCompareString
ZwSetInformationFile
wcsstr
ZwEnumerateValueKey
RtlAppendUnicodeStringToString
RtlFreeAnsiString
ZwDeleteFile
IoAllocateIrp
ZwOpenProcess
RtlCopyUnicodeString
RtlUnicodeStringToInteger
ZwCreateSection
wcsncmp
ZwQueryInformationFile
ZwOpenSection
ObReferenceObjectByPointer
RtlSplay
memset

Exports

Exports

_Delete_ExMark@4
_Insert_ExMark@8

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.code
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

archive
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

856feda54e39a5f9718a2e837b1964f6

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.code Size: 2KB - Virtual size: 1KB

archive Size: 1024B - Virtual size: 1024B

INIT Size: 2KB - Virtual size: 1KB

.rsrc Size: 21KB - Virtual size: 21KB

.reloc Size: 512B - Virtual size: 288B

.text
Size: 2KB - Virtual size: 1KB

.code
Size: 2KB - Virtual size: 1KB

archive
Size: 1024B - Virtual size: 1024B

INIT
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 21KB - Virtual size: 21KB

.reloc
Size: 512B - Virtual size: 288B